Vulnerabilities > GOG > Galaxy > Medium

DATE CVE VULNERABILITY TITLE RISK

2021-04-30 CVE-2021-26807 Untrusted Search Path vulnerability in GOG Galaxy 2.0.28.9
GalaxyClient version 2.0.28.9 loads unsigned DLLs such as zlib1.dll, libgcc_s_dw2-1.dll and libwinpthread-1.dll from PATH, which allows an attacker to potentially run code locally through unsigned DLL loading.
Risk: local, gog, CWE-426, 4.4

2020-08-21 CVE-2020-24574 Use of Hard-coded Credentials vulnerability in GOG Galaxy
The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.41 (as of 12:58 AM Eastern, 9/26/21) allows local privilege escalation from any authenticated user to SYSTEM by instructing the Windows service to execute arbitrary commands.
Risk: local, gog, CWE-798, 6.9

2019-04-02 CVE-2018-4051 Incorrect Permission Assignment for Critical Resource vulnerability in GOG Galaxy 1.2.47
An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS.
Risk: local, low complexity, gog, CWE-732, 4.9